
WO2002067494A1 - Method and system for secured transmission of code keys and for the transmission of commands and data in data networks - Google Patents


Info

Publication number
WO2002067494A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
sender
addressee
key
subscriber
Prior art date
Application number
PCT/IB2002/000500
Other languages
German (de)
French (fr)
Inventor
Hermann Stockburger
Original Assignee
Stockburger, Andreas
Filing date
Publication date
Application filed by Stockburger, Andreas
Publication of WO2002067494A1


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231 Biological data, e.g. fingerprint, voice or retina
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H04L2209/805 Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor

Definitions

  • The invention relates to a method for securely exchanging a coding key between communication partners in a data network and for securely transmitting data and information in the data network.
  • The invention also relates to a system for carrying out this method.
  • The systems mentioned relate to the fields of the legally binding generation and exchange of biometrically supported and linked electronic signatures via human/machine interfaces by the users personally, of the secure, non-compromisable generation and exchange of a coding key between the communication partners, for example in open data networks such as the mobile radio network, and of the cryptographic protection of the transmission of commands, data and information during the session in data and communication networks, such as on the Internet or in the mobile radio network.
  • The object of the invention is therefore to provide easily handled, simple means and methods for satisfying this security need.
  • The drawing shows a diagram of a communication between two subscriber systems of a public network.
  • The typical situation for the use of the present invention shown in the drawing shows two subscriber systems 33 and 34 of an open system, which communicate with one another interactively and temporarily during a session via the public network 30, network node 31 and exchange 32.
  • One subscriber system 33 acts as the sender of a message, for example an inquiry concerning a possible business relationship.
  • The other subscriber system 34 has the role of the addressee, i.e. the potential business partner being approached.
  • Both systems have the same structural arrangement of functional modules and are compatible with each other. They can be permanently installed in a stationary manner for a particular circle of users as human-machine interfaces, for example in conjunction with a personal computer or a host, or alternatively be integrated into portable human-machine interfaces such as mobile phones, smart cards, laptops, communicators, intelligent electronic locking systems, etc.
  • The identification or verification of the system user on the subscriber-system side, provided for system access, including the authentication of the electronic credential or systems used in the process, is carried out according to the methods described in CH patent applications No. 2150/00 and 2289/00 and in WO 99/02047.
  • The spectrum of RF identification signals obtained, which represents the identity of this system and/or of its user, is converted into a digital data record that is used in the field of cryptography, i.e. for the secure generation and exchange of coding keys and subsequently also in the secured communication.
  • The exchange procedure proceeds as follows: a valid algorithm is determined centrally and made public.
  • The sender's digital data record mentioned above is used as the provisional coding key for the first, still non-binding contact and is also referred to as the primary session key.
  • Initial, relatively insensitive data, together with system-identifying and user-representative (biometric) data, are encrypted in the central processing unit (CPU) of the subscriber system 33 to form a cryptogram 28.
  • The cryptogram 28, together with a further data packet 29 containing only non-critical content in plain text (such as address and sender) for the orientation of the addressee, is routed to the subscriber system 34 of the communication partner via the public network 30, network node 31 and exchange 32.
  • The cryptogram 28 received by the subscriber system 34 is buffered in that system's own central processing unit.
  • A primary session key and, from it, a cryptogram 28' are likewise generated in the subscriber system 34, as previously in the subscriber system 33. This one, however, is formed from the addressee's data record and thus differs in content from the sender's primary session key.
  • The cryptogram 28' is then arithmetically associated with the transmitted cryptogram 28, which the subscriber system 34 cannot decrypt without the sender's primary session key, which was deliberately not transmitted.
  • The primary session key pair in the form of the cryptograms 28' and 28 is routed, together with a further data packet 29' containing only non-critical content in plain text (such as address and sender) for the orientation of the receiving system, to the subscriber system 33 of the communication partner via the public network 30, network node 31 and exchange 32.
  • Upon completion of the response sequence, both communication partners have the same term, i.e. the same primary session key pair in the form of the cryptograms 28' and 28, which to a certain extent authenticate, as a signature for future machine authorization checks, the physical individualities of the two subscriber systems 33 and 34, the biometric individualities of their system users and their further identity.
  • Both subscriber systems 33 and 34 are enabled by hardware and/or software to derive and carry out, autonomously and synchronously, according to predetermined rules defined in the program and resident in them, self-controlled, corresponding mutations 39 of the session key pair with the cryptograms 28' and 28, from random guide variables arising during the operation, such as final digits of the terms, check digits and/or digit sums, etc., which cannot be captured at all by outside observers and therefore remain secret.
  • The transfer session key 36 is used jointly during the session in question for the transfer of the sensitive data to be protected and is then immediately deleted again for security reasons.
  • The sequence of the entire process can be triggered, e.g., by an external start pulse or alternatively by a brief positive biometric test of the adapted test object, etc., and then remain in self-holding for the duration of the process.
  • The process flow can also be made dependent on the biometric test object (finger) of the authorized, legitimate system user remaining permanently on the adaptation surface of the biometric sensor during the entire process; otherwise the process flow is aborted.
  • Biometrics according to the sensor system 49 is mandatory, i.e. absolutely necessary. Accordingly, it is implemented, for example, on the basis of the aforementioned CH patent applications. It is also used for the generation of code keys (keys), etc.
  • Slave subscriber systems are addressed wirelessly or via networking and are authenticated interactively in the same way as described in the first exemplary embodiment.
  • The biometrics of the master subscriber system plays a key role. In it, biometrics are generally retained.
  • The purpose of the session is the eavesdropping-proof and tamper-proof bidirectional transfer of, e.g., machine commands, etc. to actuators, servo devices, etc.
  • For the slave subscriber systems, a specific, unmistakably assigned subscriber address, e.g. a mobile subscriber number, is entirely sufficient and tamper-proof.
  • They are unique in a dynamic and sensor-based process during the session in the manner according to the invention and can be securely authenticated even without biometrics.
  • A complex mathematical and session-specific verification between the two systems takes place during the session in the interaction between the master and slave subscriber systems.
  • Owing to their flexible organization, telecommunications capability, miniaturizability, etc., master and slave subscriber systems are particularly suitable for highly topical, qualified and tamper-proof systems of the entire locking technology, such as building automation including telecontrol technology, telemetry, etc. With the same attractiveness they can also be used advantageously in the automotive sector and in many other conventional as well as future applications, especially in the IT sector.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

In order to securely transmit code keys and data between a sender and an addressee in a public data network, the identity of the sender, i.e. biometrically generated data unequivocally identifying said sender together with authentication data of the sender's subscriber system, is used as the provisional code key in a first interrogation by the sender. The authentication data of the addressee's subscriber system, optionally combined with his/her biometric data, is used as the provisional code key for the reply of the addressee. A common transfer session key for the secured data transfer is generated by combining both provisional code keys. To produce said transfer session key, system-internal mutations can be carried out on the combined provisional code keys.

Description

Method and system for secure coding-key exchange and for command and data transmission in data networks.
The invention relates to a method for the secure exchange of a coding key between communication partners in a data network and for the secure transmission of data and information in the data network. The invention also relates to a system for carrying out this method.
The modern, sometimes wide-area and complex networking structures in the computer and telecommunications field require, for the protection of their users and their applications, comprehensive assurance of security against eavesdropping, against misuse and against the many other possibilities for criminal attacks. In particular, the spread of the Internet as a global telecommunications structure for everyone and the future mobile radio network according to the UMTS standards, with their multifunctional possibilities of use, lend decisive emphasis to this security need.
Technically and from a security standpoint, the systems mentioned concern the fields of the legally binding generation and exchange of biometrically supported and linked electronic signatures via human/machine interfaces by the users personally, of the secure, non-compromisable generation and exchange of a coding key (key) between the communication partners, for example in open data networks such as the mobile radio network, and of the cryptographic protection of the transmission of commands, data and information during the session in data and communication networks, such as on the Internet or in the mobile radio network.
Known systems cannot provide the comprehensive security required for this, or at least not in a simple manner. The object of the invention is therefore to provide easily handled, simple means and methods for satisfying this security need.
According to the invention, this object is achieved by methods and systems having the features defined in the claims.
In the following, an exemplary embodiment of the invention is described with reference to the accompanying drawing. The drawing shows a diagram of a communication between two subscriber systems of a public network.
The typical situation for the use of the present invention shown in the drawing shows two subscriber systems 33 and 34 of an open system, which communicate with one another interactively and temporarily during a session via the public network 30, network node 31 and exchange 32. One subscriber system 33 acts as the sender of a message, for example an inquiry concerning a possible business relationship. In this phase, the other subscriber system 34 takes the role of the addressee, i.e. of the potential business partner being approached. Both systems have the same structural arrangement of functional modules and are compatible with one another. They can be permanently installed in a stationary manner for a particular circle of users as human-machine interfaces, e.g. in conjunction with a personal computer or a host, or alternatively be integrated into portable human-machine interfaces such as mobile phones, smart cards, laptops, communicators, intelligent electronic locking systems, etc., and perform the functions of intelligent electronic documents, credentials, keys, etc. for computer and telecommunication systems, intelligent telemetry systems, and intelligent systems for remote diagnosis and remote maintenance or for command input and command acceptance, etc.
The identification or verification of the system user on the subscriber-system side, provided in each case for system access, together with the authentication of the electronic credential or systems used in the process, is carried out according to the methods described in CH patent applications No. 2150/00 and 2289/00 and in WO 99/02047. In this process, the spectrum of RF identification signals obtained, which represents the identity of this system and/or of its user, is converted into a digital data record that is used in the field of cryptography, i.e. for the secure generation and exchange of coding keys and subsequently also in the secured communication.
The exchange procedure proceeds as follows: a valid algorithm is determined centrally and publicly announced.
The sender's digital data record mentioned above is used as the provisional coding key for the first, still non-binding contact and is also referred to as the primary session key. With this key and the valid algorithm, initial, relatively insensitive data, together with system-identifying and user-representative (biometric) data, are enciphered in the central processing unit (CPU) of the subscriber system 33 to form a cryptogram 28.
The cryptogram 28, together with a further data packet 29 containing only non-critical content in plain text, such as the address and sender, for the orientation of the addressee, is routed to the subscriber system 34 of the communication partner via the public network 30, network node 31 and exchange 32.
The cryptogram 28 received by the subscriber system 34 is buffered in that system's own central processing unit.
In parallel, a primary session key and, from it, a cryptogram 28' are now likewise generated in the subscriber system 34, as previously in the subscriber system 33. This one, however, is formed from the addressee's data record and therefore differs in content from the sender's primary session key.
The cryptogram 28' is then arithmetically associated with the transmitted cryptogram 28, which the subscriber system 34 likewise cannot decipher without the sender's primary session key, which was deliberately not transmitted. This produces a data compound, or term, which, as the primary session key pair consisting of the two cryptograms 28' and 28, is used together with the agreed algorithm to encipher itself for the transfer to the subscriber system 33. The primary session key pair in the form of the cryptograms 28' and 28 is routed, together with a further data packet 29' containing only non-critical content in plain text, such as the address and sender, for the orientation of the receiving system, to the subscriber system 33 of the communication partner via the public network 30, network node 31 and exchange 32.
On completion of the response sequence, both communication partners are in possession of the same term, i.e. the same primary session key pair in the form of the cryptograms 28' and 28, which, as it were, authenticate as a signature for future machine authorization checks the physical individualities of the two subscriber systems 33 and 34 and the biometric individualities of their system users, together with their further identity.
It is important that, in the sequences described, the cryptograms cannot be compromised despite the data transfer over unprotected networks, provided that the keys used have sufficient data volume, that the algorithms used are correspondingly resistant, and that the interception of relevant data and keys in plain text for the session-specific cryptography, in particular in the network 30, is excluded in principle according to the invention.
After these two contact sequences, both subscriber systems 33 and 34 are placed in a position, by hardware and/or software, to derive and carry out, autonomously and synchronously, according to predetermined, programmatically defined rules resident in them, self-controlled, corresponding mutations 39 of the session key pair with the cryptograms 28' and 28, from random guide variables arising during the operation, such as the final digits of the terms, check digits and/or digit sums, etc., which cannot be captured at all by outside observers and therefore remain secret.
The particular advantage here is that these mutations 39 take place exclusively internally during the session in the subscriber systems 33, 34 and, where applicable, in all other participating systems of this open overall system, and do not have to be transferred via the network with its possibilities for eavesdropping. A further advantage is that this procedural principle can be refined and varied as required.
The result of such procedures is the so-called transfer session key 36, which is used jointly and bindingly during the session in question for the transfer of the sensitive data to be protected and is then immediately deleted again for security reasons.
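As an added example (not the patent's own code, and not an implementation of any of the cited CH or WO applications), the following Python models both the two contact sequences with the cryptograms 28 and 28' and the subsequent internal mutations 39 that yield the transfer session key 36. Every concrete choice in it is an assumption the patent text leaves open: the "publicly agreed algorithm" is a stdlib HMAC-SHA256 counter-mode stream cipher with an encrypt-then-MAC tag, the subscriber's data record is built from constructed relative sensor readings, the primary session key is SHA-256 of that record, the arithmetic association of the two cryptograms is concatenation, and the guide variables for each mutation are the term's final bytes and its byte sum. The names `Subscriber`, `run_session`, `mutate` and `guide_variable` are the example's own.

```python
import hashlib
import hmac
import os

# Stand-in for the "publicly agreed algorithm" (assumption): HMAC-SHA256 in
# counter mode for confidentiality, a separate HMAC tag for integrity.
def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def _subkeys(key):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def encrypt(key, plaintext):
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key, blob):
    """Plaintext, or None when the tag does not verify (wrong key or tampering)."""
    if len(blob) < 48:
        return None
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

def data_record(readings):
    # The page records sensor values as relative rather than absolute values;
    # here (assumption) the relative values are successive differences.
    relative = [b - a for a, b in zip(readings, readings[1:])]
    return ",".join(str(v) for v in relative).encode()

def guide_variable(term, round_no):
    # Assumption: "final digits of the term" -> its last four bytes, "digit sum"
    # -> byte sum mod 256; the round counter keeps successive mutations distinct.
    return term[-4:] + bytes([sum(term) % 256]) + round_no.to_bytes(2, "big")

def mutate(term, rounds=3):
    # Mutation 39: both sides run the same resident rule over the shared term,
    # so the transfer session key 36 itself never crosses the network.
    key = hashlib.sha256(term).digest()
    for r in range(rounds):
        key = hmac.new(key, guide_variable(term, r), hashlib.sha256).digest()
    return key

class Subscriber:
    def __init__(self, name, readings):
        self.name = name
        self.record = data_record(readings)
        self.primary_key = hashlib.sha256(self.record).digest()   # primary session key
        self.term = self.transfer_key = None

    def first_contact(self, addressee, insensitive_data):
        payload = insensitive_data + b"|" + self.name.encode() + b"|" + self.record
        cryptogram_28 = encrypt(self.primary_key, payload)
        packet_29 = {"from": self.name, "to": addressee}           # plain-text header
        return packet_29, cryptogram_28

    def reply(self, packet_29, cryptogram_28):
        cryptogram_28p = encrypt(self.primary_key, b"reply|" + self.name.encode() + b"|" + self.record)
        self.term = cryptogram_28p + cryptogram_28                 # association modelled as concatenation
        packet_29p = {"from": self.name, "to": packet_29["from"]}
        return packet_29p, (cryptogram_28p, cryptogram_28)

    def receive_reply(self, pair):
        self.term = pair[0] + pair[1]

    def derive_transfer_key(self):
        self.transfer_key = mutate(self.term)
        return self.transfer_key

    def end_session(self):
        self.transfer_key = None                                   # deleted after the session

def run_session():
    sender = Subscriber("system-33", [120, 134, 129, 151, 140])    # constructed readings
    addressee = Subscriber("system-34", [98, 121, 117, 130, 143])
    packet_29, c28 = sender.first_contact("system-34", b"inquiry: business relationship?")
    addressee_reads_28 = decrypt(addressee.primary_key, c28) is not None
    _packet_29p, pair = addressee.reply(packet_29, c28)
    sender.receive_reply(pair)
    k33, k34 = sender.derive_transfer_key(), addressee.derive_transfer_key()
    received = decrypt(k34, encrypt(k33, b"sensitive: contract terms"))
    sender.end_session(); addressee.end_session()
    return {"keys_match": k33 == k34, "addressee_reads_28": addressee_reads_28,
            "received": received,
            "key_is_fresh": k33 not in (sender.primary_key, addressee.primary_key),
            "deleted": sender.transfer_key is None and addressee.transfer_key is None}
```

Running `run_session()` shows the properties the description claims for the sequence: both sides arrive at the same transfer key, the addressee cannot open cryptogram 28 with its own primary key, the transfer key differs from either primary key, and it is gone once the session ends. The example demonstrates the message flow only; the mutation inputs are taken from the term both sides hold, and the choice of cipher and derivation rule is the example's, not the patent's.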
The fact that both the measured values of the physical authentication procedure of the subscriber system in use and the resulting measured values of the biometric identification or verification of the person are deliberately recorded as relative values rather than absolute values, and thereby contribute decisively to series of measured values of differing magnitude resulting from session to session, i.e. from one use of the same subscriber system by the same user to the next, creates the conditions required for the generation of session keys. Changing external conditions or influences can additionally contribute to this. Within a session, the series of relative measured values obtained in the physical authentication of subscriber systems and in the biometric identification or verification of users, which vary in magnitude because of the relative measurement, always contain unambiguously and in numerical form the sensor-captured measured values of the relevant, representative characteristic of the inherent structures of the test objects as a digital data set.
The sequence of the entire method can be triggered, for example, by an external start pulse or alternatively by a brief positive biometric check of the applied test object etc., and then latches itself for the duration of the process.
Alternatively, the process flow can be made dependent on the biometric test object (finger) of the authorised, legitimate system user remaining permanently on the contact surface of the biometric sensor throughout the entire method; otherwise the process flow is aborted.
Insofar as the subscriber systems are designed to be autonomous and are to remain freely available at any time to their legitimate users, via access control, both as sender and as receiver, biometrics according to sensor system 49 is obligatory, i.e. mandatory. Accordingly, it is implemented, for example, on the basis of the CH patent applications mentioned above. It is also used for the generation of code keys etc.
In another application, different from the exemplary embodiment described above, further subscriber systems are deployed in addition to the autonomously designed subscriber systems with biometric access control for the users described so far. These correspond to the first version in technology and tamper resistance but, because their own access control is dispensable, are consequently used only in the function of an executing command receiver. In contrast to the first-mentioned master subscriber systems, these are consistently referred to as slave subscriber systems. Master and slave systems are functionally compatible with one another. Since the slave subscriber systems in particular do not require biometric access control, sensor 49' is omitted.
In practical operation, slave subscriber systems are thus addressed wirelessly or via a network and authenticated interactively in the same way as described for the first exemplary embodiment. From a security standpoint, the biometrics of the master subscriber system plays the decisive role. In the master, biometrics is generally retained.
The purpose of the session is the eavesdropping-proof and tamper-proof bidirectional transfer of e.g. machine commands etc. to actuators, control elements, servo devices etc. For this, the slave subscriber systems are fully adequate and are equipped, in a tamper-proof manner, with a concrete, unmistakably assigned subscriber address, e.g. a mobile subscriber number. Moreover, with regard to their physical and structural identity as unique items, they can be securely authenticated during the session in a dynamic, sensor-based procedure in the manner according to the invention even without biometrics. Finally, during the session a complex mathematical and session-specific verification between the master and slave subscriber systems takes place in interaction between the two.
Not least because of their flexible organisation, telecommunication capability, miniaturisability etc., master and slave subscriber systems are especially suitable for up-to-date, qualified and tamper-proof systems across the entire field of locking technology, such as building automation including telecontrol, telemetry etc. They can be used with equal attractiveness in the automotive sector and in many other conventional as well as future applications, above all in the IT sector.

Claims

1. A method for the secure exchange of coding keys and for data transmission between a sender and an addressee in a public data network, characterised in that, for a first request of the sender, the sender's identity, i.e. biometrically generated data uniquely identifying the sender, together with the authentication data of the subscriber system used for this, combined in a digital data record, are used as a provisional coding key; for the addressee's reply, the authentication data of the addressee's subscriber system are used as a provisional coding key; and from the two provisional coding keys a transfer session key usable jointly for the encrypted data exchange is generated by combination.
2. Method according to claim 1, characterised in that for the addressee's reply the biometrically generated data record uniquely identifying the addressee is used, together with the authentication data of the addressee's subscriber system, as the provisional coding key.
3. Method according to claim 1, characterised in that, to obtain the transfer session key, mutations are applied system-internally to the combined provisional coding keys.
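The key agreement of claims 1 to 3 and the session lifecycle from the description above (relative measurement series, jointly used transfer session key, deletion at session end), modelled as an added example that is not the patent's own code: each party folds its relative measurement series into a provisional coding key, the two provisional keys are combined with a session-specific mutation into a transfer session key, the key authenticates a machine command sent to a slave system, and both sides delete it when the session closes. The HMAC-based combination, the ratio-to-first-reading encoding and all sensor series are assumptions constructed here, and the example assumes both sides already hold each other's provisional key material, which the page does not spell out.

```python
import hashlib
import hmac


def relative_series(absolute):
    """Record a sensor series as relative values (ratio to the first reading)
    and emit it as a digital data set. Constructed stand-in for the sensor step."""
    base = absolute[0]
    return ",".join(f"{v / base:.3f}" for v in absolute).encode()


def provisional_key(*data_sets):
    """Fold one or more digital data sets (biometric values, subscriber-system
    authentication values) into a provisional coding key; length prefixes keep
    the concatenation unambiguous."""
    h = hashlib.sha256()
    for d in data_sets:
        h.update(len(d).to_bytes(4, "big") + d)
    return h.digest()


def transfer_session_key(k_sender, k_addressee, session_id):
    """Combine both provisional keys and apply a session-specific mutation
    (assumed here: HMAC keyed with the concatenation) to obtain the transfer key."""
    return hmac.new(k_sender + k_addressee, b"transfer|" + session_id,
                    hashlib.sha256).digest()


class Session:
    """Holds the transfer session key for one session; close() deletes it."""

    def __init__(self, key):
        self.key = key

    def tag(self, command):
        return hmac.new(self.key, command, hashlib.sha256).digest()

    def verify(self, command, tag):
        if self.key is None:  # key already deleted: nothing verifies any more
            return False
        return hmac.compare_digest(self.tag(command), tag)

    def close(self):
        self.key = None  # delete the transfer session key at session end


def run_exchange(biometric, sender_device, addressee_device, session_id):
    """One master-to-slave session. Returns (keys deleted after close,
    command accepted during the session, command accepted after close)."""
    k_s = provisional_key(relative_series(biometric), relative_series(sender_device))
    k_a = provisional_key(relative_series(addressee_device))
    master = Session(transfer_session_key(k_s, k_a, session_id))
    slave = Session(transfer_session_key(k_s, k_a, session_id))
    cmd = b"ACTUATOR:VALVE3:OPEN"  # constructed machine command
    tag = master.tag(cmd)
    accepted = slave.verify(cmd, tag)
    master.close()
    slave.close()
    return (master.key is None and slave.key is None, accepted, slave.verify(cmd, tag))
```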
PCT/IB2002/000500 2001-02-21 2002-02-19 Method and system for secured transmission of code keys and for the transmission of commands and data in data networks WO2002067494A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CH3032001 2001-02-21
CH0303/01 2001-02-21

Publications (1)

Publication Number Publication Date
WO2002067494A1 true WO2002067494A1 (en) 2002-08-29

Family

ID=4491628

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2002/000500 WO2002067494A1 (en) 2001-02-21 2002-02-19 Method and system for secured transmission of code keys and for the transmission of commands and data in data networks

Country Status (1)

Country Link
WO (1) WO2002067494A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998036520A1 (en) * 1997-02-13 1998-08-20 Secure Transaction Solutions, Llc Cryptographic key split combiner
WO2000019652A1 (en) * 1998-10-01 2000-04-06 University Of Maryland Distributed shared key generation and management using fractional keys
EP1075108A1 (en) * 1999-07-23 2001-02-07 BRITISH TELECOMMUNICATIONS public limited company Cryptographic data distribution

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
DAWSON E ET AL: "Key management in a non-trusted distributed environment", FUTURE GENERATIONS COMPUTER SYSTEMS, ELSEVIER SCIENCE PUBLISHERS. AMSTERDAM, NL, vol. 16, no. 4, February 2000 (2000-02-01), pages 319 - 329, XP004185844, ISSN: 0167-739X *

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP